take-ownership
Warn
Audited by Snyk on Jun 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). Skill runtime LLM context is driven by the GitHub issue body/comments and linked specs read via
gh issue view/gh apiin Phase 1–2; those are outsider-authored free text (other users’ issue content) that can be injected into the agent’s prompt.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). Skill explicitly instructs running privileged operations that modify system state (scp/rsync/remote cat >, chown, sudo -u, service restart, journalctl, etc.) and to perform deploy-file writes and permission changes—actions that require or escalate sudo and can compromise the host.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata